github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-01-15 16:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: Correct conditional map for cluster security group additional rules (#1738)

Browse Source
This commit is contained in:
Bryant Biggs
2022-01-06 06:27:04 -05:00
committed by GitHub
parent d71ef01c37
commit a2c7caac9f
4 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -695,7 +695,7 @@ Full contributing [guidelines are covered here](https://github.com/terraform-aws
| <a name="input_cluster_endpoint_public_access_cidrs"></a> [cluster\_endpoint\_public\_access\_cidrs](#input\_cluster\_endpoint\_public\_access\_cidrs) | List of CIDR blocks which can access the Amazon EKS public API server endpoint | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| <a name="input_cluster_identity_providers"></a> [cluster\_identity\_providers](#input\_cluster\_identity\_providers) | Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA | `any` | `{}` | no |
| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `""` | no |
| <a name="input_cluster_security_group_additional_rules"></a> [cluster\_security\_group\_additional\_rules](#input\_cluster\_security\_group\_additional\_rules) | List of additional security group rules to add to the cluster security group created | `map(any)` | `{}` | no |
| <a name="input_cluster_security_group_additional_rules"></a> [cluster\_security\_group\_additional\_rules](#input\_cluster\_security\_group\_additional\_rules) | List of additional security group rules to add to the cluster security group created | `any` | `{}` | no |
| <a name="input_cluster_security_group_description"></a> [cluster\_security\_group\_description](#input\_cluster\_security\_group\_description) | Description of the cluster security group created | `string` | `"EKS cluster security group"` | no |
| <a name="input_cluster_security_group_id"></a> [cluster\_security\_group\_id](#input\_cluster\_security\_group\_id) | Existing security group ID to be attached to the cluster. Required if `create_cluster_security_group` = `false` | `string` | `""` | no |
| <a name="input_cluster_security_group_name"></a> [cluster\_security\_group\_name](#input\_cluster\_security\_group\_name) | Name to use on cluster security group created | `string` | `null` | no |

11
examples/eks_managed_node_group/main.tf
View File

@@ -44,6 +44,17 @@ module "eks" {
resources = ["secrets"]
}]
cluster_security_group_additional_rules = {
admin_access = {
description = "Admin ingress to Kubernetes API"
cidr_blocks = ["10.97.0.0/30"]
protocol = "tcp"
from_port = 443
to_port = 443
type = "ingress"
}
}
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets

2
main.tf
View File

@@ -119,7 +119,7 @@ resource "aws_security_group" "cluster" {
}
resource "aws_security_group_rule" "cluster" {
for_each = local.create_cluster_sg ? merge(local.cluster_security_group_rules, var.cluster_security_group_additional_rules) : {}
for_each = { for k, v in merge(local.cluster_security_group_rules, var.cluster_security_group_additional_rules) : k => v if local.create_cluster_sg }
# Required
security_group_id = aws_security_group.cluster[0].id

2
variables.tf
View File

@@ -153,7 +153,7 @@ variable "cluster_security_group_description" {
variable "cluster_security_group_additional_rules" {
description = "List of additional security group rules to add to the cluster security group created"
type = map(any)
type = any
default = {}
}